Table Of Contents
Release Notes for Cisco NAC Guest Server, Version 2.1
Contents
Cisco NAC Guest Server Releases
System Requirements
Hardware Supported
Browsers Supported
Determining the Software Version
Re-Imaging the Appliance
Upgrading to Software Release 2.1 from 2.0.x
Upgrading to Software Release 2.1 from 1.x.x
Upgrading to Software Release 2.1 Without Replication
Upgrading to Software Release 2.1 With Replication Enabled from 1.x.x
New and Changed Information
Enhancements in Release 2.1
New Hardware Platform Support
Support for Internet Explorer 10
Features Removed in Release 2.1
Caveats
Open Caveats - Release 2.1
Known Issues for Cisco NAC Guest Server
Known Issue with SSL Certificate
Known Issue with BIOS Settings in NAC-3315
Known Issue with Database Size
Documentation Updates
Related Documentation
Obtaining Documentation and Submitting a Service Request
Release Notes for Cisco NAC Guest Server, Version 2.1
Revised: August 21, 2013, OL-28255-01
Contents
These release notes provide late-breaking and release information for Cisco NAC Guest Server, Release 2.1. This document describes new features, changes to existing features, limitation and restrictions ("caveats"), upgrade instructions and related information.
These release notes supplement the Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1.
•
Cisco NAC Guest Server Releases
•System Requirements
•Re-Imaging the Appliance
•Upgrading to Software Release 2.1 from 2.0.x
•Upgrading to Software Release 2.1 from 1.x.x
•New and Changed Information
•Caveats
•Known Issues for Cisco NAC Guest Server
•Documentation Updates
•Obtaining Documentation and Submitting a Service Request
Cisco NAC Guest Server Releases
Cisco NAC Guest Server Version
|
Release Date
|
2.1 ED
|
November 27, 2012
|
Note Any ED release of software should be deployed to a test network first before being deployed to a production environment.
System Requirements
The Cisco NAC Guest Server can be integrated with the Cisco NAC Appliance Clean Access Manager through its API, or with Cisco Wireless LAN controllers through the RADIUS protocol. Cisco NAC Guest Server is compatible with the Cisco NAC Appliance and Cisco Wireless LAN Controller component versions shown in Table 1.
Table 1 Components Supported by Cisco NAC Guest Server Release 2.1
Cisco NAC Guest Server Version
|
Cisco NAC Appliance Version
|
Wireless LAN Controller Version
|
2.0.4 and later
|
4.8(x) and later
|
4.0.219 and later
|
Hardware Supported
The Cisco NAC Guest Server is a standalone hardware appliance based on the following Cisco NAC Appliance platforms:
•NAC-3415
•NAC-3315
Note•Cisco NAC Appliance platform (NAC-3415) supports fresh installation of only Release 2.1.
•Next generation Cisco NAC Appliance platform (NAC-3315) supports fresh installation of only Release 2.0.2 and later.
•Cisco NAC Guest Server Release 2.1 does not support NAC-3310.
For details on Cisco NAC Appliance hardware platforms, refer to the Cisco NAC Appliance Hardware Installation Quick Start Guide available on Cisco.com at http://www.cisco.com/en/US/products/ps6128/prod_installation_guides_list.html
Browsers Supported
The Cisco NAC Guest Server is supported by the following web browsers:
•Internet Explorer 10 is supported starting from NAC Guest Server Release 2.1
•Internet Explorer 9.0 is supported starting from NAC Guest Server Release 2.0.4
•Internet Explorer 8.0, 7.0, and 6.0
•Safari
•Google Chrome
•Firefox
Determining the Software Version
The bottom left of the Cisco NAC Guest Server administrator console displays the software version. You can also click the About button to get more details of the release. To determine the current software version, login to the administration interface.
To view the software version from the command line:
1. SSH or console to the Cisco NAC Guest Server.
2. Issue the following command on an appliance running release 1.x software:
cat /guest/www/admin/includes/version.html
3. Issue the following command on an appliance running release 2.0.0 and later software:
Re-Imaging the Appliance
When the Cisco NAC Guest Server is shipped, a default version of the system image is already preloaded on the unit, so imaging is not required. If you need to re-image the appliance to factory defaults, you can download the system image ISO from Cisco Secure Software Downloads on Cisco.com and burn this ISO file to a blank CD-ROM.
Caution Imaging the appliance deletes all data on the appliance. There is no method of recovery of data from the Guest Server after imaging has started. Make sure to backup any data that you need before starting this process.
Once you have the system image on a bootable CD, you can perform the following steps to install the system image onto the appliance.
Step 1 Download the ISO image file from the Cisco NAC Guest Server download page. Login with your Cisco.com user credentials to the Cisco Software Download Site at http://www.cisco.com/cisco/web/download/index.html and navigate to Security >Network Admission Control > Cisco NAC Guest Server > Cisco NAC Guest Server 2.1.
Step 2 Burn this ISO file to a blank CD-ROM to create a bootable disk.
Step 3 Decide whether to perform the installation using a keyboard and monitor connection or over a serial console.
a. Connect either a keyboard and monitor to the back of the unit, or
b. Attach a null modem cable to the serial port on the back of the appliance. From the computer to which the serial cable is attached, run a terminal emulation program with settings set to: 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.
Step 4 Once you have connected to the appliance, insert the bootable CD into the CD-ROM drive of the appliance.
Step 5 Power on the appliance. If the appliance is already started, switch it off and then switch it on again.
Step 6 The appliance should now boot from the CD-ROM drive and the initial install is displayed.
Caution If your Cisco NAC Guest Server does not read the software on the CD ROM drive and instead attempts to boot from the hard disk, you need to change the appliance settings to boot from CD ROM as described in section "Configuring Boot Settings on NAC-3415 / NAC-3315 Based Appliances" in the
Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1.
Step 7 At the Initial Installation, run the installation according to the method you are connected to the appliance:
•If directly connected using a keyboard and monitor, type install and press <Enter>.
•If you are using a serial connection, type installserial at the boot prompt, then press <Enter>.
Step 8 The system image is automatically installed on the hard disk.
Step 9 When the install image is successfully transferred, the system reboots automatically.
Step 10 The CD-ROM automatically ejects from the appliance. Remove the CD and store it safely so that the appliance does not accidentally reboot from it at a later time.
Step 11 The Cisco NAC Guest Server appliance boots and runs the final setup of the image automatically. The imaging process is complete when the login is displayed.
Upgrading to Software Release 2.1 from 2.0.x
The steps to upgrade to 2.1 are different for upgrading from 2.0.x or 1.x. For instructions on upgrading a 1.x.x release see Upgrading to Software Release 2.1 from 1.x.x.
Note If the Cisco NAC Guest Server has replication active, you will need to do the following steps simultaneously on both Cisco NAC Guest Servers that form the replicating pair. You will also need to guarantee that there is connectivity between both.
Note If you are running an older software version of NAC Guest Server Release 2.0.3 or earlier, you must first upgrade your system to Release 2.0.4 and then to Release 2.1.
Note The /etc/httpd/conf.d/ssl.conf file is modified to allow chain certificates to be installed. During the upgrade process, this file is reset to default and the modifications are lost. This causes the failure of certificates. After the upgrade process, you need to re-configure the ssl.conf file.
The following steps need to be performed to install the 2.1 update.
Step 1 Download the nac-guest-upgrade-2-1-0.bin upgrade file from the Cisco NAC Guest Server download page. Log in with your Cisco.com user credentials to the Cisco Software Download Site at http://www.cisco.com/cisco/web/download/index.html and navigate to Security >Network Admission Control > Cisco NAC Guest Server > Cisco NAC Guest Server 2.1.
Step 2 Connect to the Cisco NAC Guest Server with an SFTP client such as WinSCP. You will need to log in using root account credentials. The default password for the account is cisco.
Step 3 Copy the nac-guest-upgrade-2-1-0.bin file using the SFTP client to the /guest/upgrade directory.
Note Ensure that the file is transferred in binary mode. Some clients (like WinSCP, for example) default to ASCII mode, which can corrupt the upgrade file.
Step 4 Connect to the Cisco NAC Guest Server console using SSH, a keyboard and monitor, or a serial connection and log in using root account credentials.
Step 5 Navigate to the /guest/upgrade directory
cd /guest/upgrade
Step 6 Run the following command at the console to ensure that the md5 value listed matches the MD5 value obtained by clicking the link to the upgrade file at http://www.cisco.com/public/sw-center/index.shtml:
md5sum nac-guest-upgrade-2-1-0.bin
Step 7 Execute the upgrade script.
sh /guest/upgrade/nac-guest-upgrade-2-1-0.bin
Step 8 When the upgrade has finished, the appliance automatically reboots and the login prompt appears.
Note A backup of the existing database is taken before the upgrade and is stored in /guest.bak. Cisco recommends backing up this directory from the appliance via SFTP.
Note The upgrade process is recorded in the /guest/logs/upgrade.log file. You can view the log file by entering less /guest/logs/upgrade.log in a command prompt window.
Upgrading to Software Release 2.1 from 1.x.x
Upgrading to Software Release 2.1 Without Replication
Software release 2.1 can be applied to an existing release 2.0.4 or later installation. If you are running release 1.x.x, then upgrade to release 2.0.4 before running the upgrade to the latest 2.1 release.
If the appliance needs to be re-imaged, refer to the instructions in the installation chapter of the Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1 before applying the release 2.1 upgrade.
Note If the Cisco NAC Guest Server has replication active, you will need to follow the steps in Upgrading to Software Release 2.1 With Replication Enabled from 1.x.x.
Note The /etc/httpd/conf.d/ssl.conf file is modified to allow chain certificates to be installed. During the upgrade process, this file is reset to default and the modifications are lost. This causes the failure of certificates. After the upgrade process, you need to re-configure the ssl.conf file.
Step 1 Create a manual backup snapshot of the Cisco NAC Guest Server from the Server > Backup > Snapshot page of the Administration interface.
 |
Warning Because there is a possibility for data loss with upgrade, Cisco strongly recommends creating a backup snapshot to ensure your previous database is preserved prior to upgrade.
|
Step 1 Download the cisco-nac-guest-server-2.1-K9.iso ISO image file from the Cisco NAC Guest Server download page. Log in with your Cisco.com user credentials to the Cisco Software Download Site at http://www.cisco.com/public/sw-center/index.shtml and navigate to Security >Network Admission Control > Cisco NAC Guest Server > Cisco NAC Guest Server 2.1.
Step 2 Burn the ISO to a blank CDR disc.
Step 3 Insert the CD into the Cisco NAC Guest Server.
Step 4 Connect to the Cisco NAC Guest Server console using SSH, a keyboard and monitor, or a serial connection and log in using root account credentials.
Step 5 Enter the following command:
The Cisco NAC Guest Server will reboot and run the upgrade from the CD ROM.
Caution If your Cisco NAC Guest Server does not read the software on the CD ROM drive and instead attempts to boot from the hard disk, before proceeding you will need to change the appliance settings to boot from CD ROM as described in section "Configuring Boot Settings on NAC-3415 / NAC-3315 Based Appliances" in the
Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1.
Step 6 At the upgrade screen:
•If choosing to upgrade from keyboard and monitor, enter the upgrade command and press the Enter key:
•If choosing to upgrade via a serial connection, enter the upgradeserial command and press the Enter key:
Note Before the 2.1 upgrade, a backup snapshot of the existing 1.x.x or 2.0.x database is automatically created and stored in the /guest.bak directory. In the event of an upgrade failure, Cisco recommends making a local backup of this directory.
Step 7 When the upgrade has finished, the appliance automatically reboots and the login prompt appears.
Step 8 Login with the root user ID and change the password as instructed. The password needs to be a minimum of 6 characters, should not be based on a dictionary word and should contain at least 5 different characters.
The Cisco NAC Guest Server will be upgraded and running release 2.1.
Upgrading to Software Release 2.1 With Replication Enabled from 1.x.x
Software release 2.1 can be applied to an existing release 2.0.4 or later installation. If you are running release 1.x.x upgrade to release 2.0.4 before running the upgrade to the latest 2.1 release.
If the appliance needs to be re-imaged, refer to the instructions in the installation chapter of the Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1 before applying the release 2.1 upgrade.
Note The /etc/httpd/conf.d/ssl.conf file is modified to allow chain certificates to be installed. During the upgrade process, this file is reset to default and the modifications are lost. This causes the failure of certificates. After the upgrade process, you need to re-configure the ssl.conf file.
Use the following upgrade instructions if you have configured Cisco NAC Guest Server replication, where the database is synchronized between two boxes.
Step 1 Create a manual backup snapshot of one of the Cisco NAC Guest Servers in the replication pair from the Server > Backup > Snapshot page of the Administration interface.
|
Warning Because there is a possibility for data loss with upgrade, Cisco strongly recommends creating a backup snapshot to ensure your previous database is preserved prior to upgrade.
|
Step 2 Download the cisco-nac-guest-server-2.1-K9.iso ISO image file from the Cisco NAC Guest Server download page. Log in with your Cisco.com user credentials to the Cisco Software Download Site at http://www.cisco.com/public/sw-center/index.shtml and navigate to Security >Network Admission Control > Cisco NAC Guest Server > Cisco NAC Guest Server 2.1.
Step 3 Burn the ISO to a blank CDR disc.
Step 4 Insert the CD into the NAC Guest Server.
Step 5 Connect to the Cisco NAC Guest Server console using SSH, a keyboard and monitor, or a serial connection and log in using root account credentials.
Step 6 Enter the following command
Step 7 The Cisco NAC Guest Server will reboot and run the upgrade from the CD ROM.
Caution If your Cisco NAC Guest Server does not read the software on the CD ROM drive and instead attempts to boot from the hard disk, before proceeding you will need to change the appliance settings to boot from CD ROM as described in section "Configuring Boot Settings on NAC-3415 / NAC-3315 Based Appliances" in the
Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1.
Step 8 At the upgrade screen:
•If choosing to upgrade from keyboard and monitor, enter the upgrade command and press the Enter key:
•If choosing to upgrade via a serial connection, enter the upgradeserial command and press the Enter key:
Note Before the 2.1 upgrade, a backup snapshot of the existing 1.x or 2.0.x database is automatically created and stored in the /guest.bak directory. In the event of an upgrade failure, Cisco recommends making a local backup of this directory.
Step 9 When the upgrade has finished, the appliance automatically reboots and the login prompt appears.
Step 10 Login with the root user ID and change the password as instructed. The password needs to be a minimum of 6 characters, should not be based on a dictionary word and should contain at least 5 different characters.
The Cisco NAC Guest Server will be upgraded and running release 2.1.
Step 11 Perform Steps 1 to 10 on the other Cisco NAC Guest Server unit in the pair.
Step 12 Once both Cisco NAC Guest Server appliances have been upgraded to release 2.1, you will need to reconfigure replication between the appliances. Replication is turned off as part of the upgrade process to avoid any inconsistencies in the upgrade.
|
Warning Failure to reconfigure replication immediately after upgrade will cause the two units to be unsynchronized and will cause data loss from one of the units when replication is set up at a later date.
|
New and Changed Information
This section describes new features and enhancements for this release of Cisco NAC Guest Server:
•Enhancements in Release 2.1
Enhancements in Release 2.1
Release 2.1 is a general and important bug fix release for the Cisco NAC Guest Server that addresses the caveats described in Known Issues for Cisco NAC Guest Server.
Cisco NAC Guest Server Release 2.1 supports the following:
•New Hardware Platform Support
•Support for Internet Explorer 10
•Features Removed in Release 2.1
New Hardware Platform Support
The Cisco NAC Guest Server Release 2.1 supports a new hardware platform, Cisco NAC Appliance (NAC-3415), which is based on the UCS C220 M3 server platform.
Note Cisco NAC Appliance platform (NAC-3415) supports only fresh installation of Release 2.1.
Support for Internet Explorer 10
The Cisco NAC Guest Server Release 2.1 works with Internet Explorer 10.
Features Removed in Release 2.1
The support for NAC-3310 has been dropped from Cisco NAC Guest Server Release 2.1.
Caveats
This section describes caveats related to the Cisco NAC Guest Server:
•Open Caveats - Release 2.1
Note If you are a registered cisco.com user, you can view Bug Toolkit on cisco.com at the following website:
http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl
To become a registered cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do
Open Caveats - Release 2.1
Table 2 List of Open Caveats
DDTS Number
|
Software Release 2.1
|
Corrected
|
Caveat
|
CSCsz40132
|
No
|
Sponsors Activity Report circle users overlay on each other
When running a sponsor activity report if the numbers for a sponsor are too close together the text can overlap.
If there are certain sponsors with very large numbers of accounts and certain sponsors with very small numbers of accounts, the ones with very small numbers could have numbers that overlap on the screen.
Note The numbers can still be seen in the table below the report.
|
CSCty77644
|
No
|
Invalid SSL ceritificates should not be allowed to be uploaded in the NGS server.
When the administrator tries to install an SSL Certificate that is not relevant in the NAC Guest Server, the following error message is displayed: "The Current Private Key does not Correspond to the Current Certificate".
If the user clicks the Reboot Server option, the invalid certificate is uploaded and the GUI becomes inaccessible.
Workaround Generate and install a self-signed SSL Certificate using CLI. This enables the user to access the GUI. Refer to Known Issue with SSL Certificate.
|
CSCui52504
|
No
|
DB pruning procedure for DB >300MB
When the size of the database exceeds 300 MB, it might result in delayed activation of newly created Guest accounts and might affect overall performance. You can prune the database to avoid these issues. Refer to Known Issue with Database Size.
|
Known Issues for Cisco NAC Guest Server
This section describes known issues when working with Cisco NAC Guest Server:
•Known Issue with SSL Certificate
•Known Issue with BIOS Settings in NAC-3315
•Known Issue with Database Size
Known Issue with SSL Certificate
When the administrator tries to install an SSL Certificate that is not relevant in the NAC Guest Server, the following error message is displayed: "The Current Private Key does not Correspond to the Current Certificate".
If the user clicks the Reboot Server option, the invalid certificate is uploaded and the GUI becomes inaccessible. The workaround is to generate and install a self-signed SSL Certificate using CLI. This enables the user to access the GUI. See Also CSCty77644.
Perform the following steps to generate self-signed SSL Certificate using the CLI:
Step 1 Generate key and certificate file by entering the following command:
openssl req -new -key /etc/pki/tls/private/localhost.key -nodes -x509 -days 365 -out
/etc/pki/tls/certs/localhost.crt
Step 2 Enter the approrpriate information to be incorporated into your certificate request, as follows:
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Step 3 Provide a copy of the certificate and key to the postgres by entering the following commands:
cp /etc/pki/tls/certs/localhost.crt /var/lib/pgsql/data/server.crt
chmod 600 /var/lib/pgsql/data/server.crt
chown postgres:postgres /var/lib/pgsql/data/server.crt
cp /etc/pki/tls/private/localhost.key /var/lib/pgsql/data/server.key
chmod 600 /var/lib/pgsql/data/server.key
chown postgres:postgres /var/lib/pgsql/data/server.key
Step 4 Reboot the server.
You can access the GUI after rebooting the server.
Known Issue with BIOS Settings in NAC-3315
In NAC-3315, while booting NAC Guest Server through Console, you need to wait for 10 to 15 minutes for the server to boot up. If you are using a keyboard and monitor, you can view the message as "Press any key to continue..."
If you press any key, the appliance starts working normally. But if you do not press any key, then NAC Guest Server gets stuck at this stage.
To overcome this issue, you can disable the serial port redirection in BIOS settings. Go to BIOS Settings > Devices and I/O Ports > Remote Console direction > Remote Console Serial port and disable the option.
Known Issue with Database Size
When the size of the database exceeds 300 MB, it might result in delayed activation of newly created Guest accounts and might affect overall performance. You can prune the database to avoid these issues. To know more about database pruning, contact Cisco Technical Assistance Center (TAC). See Also CSCui52504.
Documentation Updates
Table 3 Updates to Release Notes for Cisco NAC Guest Server
Date
|
Description
|
11/27/12
|
Cisco NAC Guest Server Release 2.1
|
Related Documentation
For the latest updates to Cisco NAC Guest Server and Cisco NAC Appliance documentation on Cisco.com see: http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html
or simply http://www.cisco.com/go/nac/appliance
•Release Notes for Cisco NAC Guest Server, Release 2.1 (this document)
•Cisco NAC Guest Server Installation and Configuration Guide, Release 2.1
•Cisco NAC Appliance Service Contract/Licensing Support
•Cisco NAC Guest Server Data Sheet
•Cisco NAC Guest Server Q & A
•Cisco NAC Appliance - Cisco Clean Access Manager Installation and Configuration Guide
•Cisco Wireless LAN Controller Configuration Guide, Release 4.0
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.
Feedback
